Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9479.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9479.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 5
Modified Filters (logic changes) - 5
Modified Filters (metadata changes only) - 3
Removed Filters - 0
Filters
----------------
New Filters:

38499: HTTP: Jenkins Pipeline Groovy Plugin Sandbox Bypass Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a sandbox bypass vulnerability in Jenkins Pipeline Groovy Plugin.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2019-1003030
  - Classification: Vulnerability - Access Validation
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 01, 2020

38510: HTTP: PHP-Fusion Downloads.php Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in PHP-Fusion.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-24949
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 01, 2020

38511: HTTP: Nagios XI SNMP Trap SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 01, 2020

38513: HTTP: Apache OpenMeetings NetTest Web Service Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an attempt to use the NetTest service of Apache OpenMeetings.
  - Deployment: Not enabled by default in any deployment.
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-13951
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 01, 2020

38515: HTTP: Nagios XI Graph Explorer visFunctions.inc.php Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-15902
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: December 01, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

35671: TCP: Oracle WebLogic Server IIOP Deserialization of Untrusted Data Vulnerability (ZDI-20-1274)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "35671: ZDI-CAN-10818: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: June 16, 2020
  - Last Modified Date: December 01, 2020

37869: HTTP: Advantech R-SeeNet device_position device_id SQL Injection Vulnerability (ZDI-20-1262)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37869: ZDI-CAN-11373: Zero Day Initiative Vulnerability (Advantech R-SeeNet)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: July 21, 2020
  - Last Modified Date: December 01, 2020

37890: HTTP: WECON LeviStudioU HFT File Parsing Buffer Overflow Vulnerability (ZDI-20-1351)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37890: ZDI-CAN-11097: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: July 28, 2020
  - Last Modified Date: December 01, 2020

37891: HTTP: WECON LeviStudioU HFT File Parsing Buffer Overflow Vulnerability (ZDI-20-1352)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37891: ZDI-CAN-11098: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: July 28, 2020
  - Last Modified Date: December 01, 2020

37892: HTTP: WECON LeviStudioU HSC File Parsing CharSize Attribute Buffer Overflow (ZDI-20-1353)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37892: ZDI-CAN-11100: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: July 28, 2020
  - Last Modified Date: December 01, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

34780: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability(ZDI-20-1273)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: June 16, 2020
  - Last Modified Date: December 01, 2020

38010: TCP: Oracle WebLogic Server IIOP Deserialization of Untrusted Data Vulnerability (ZDI-20-1276)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "38010: ZDI-CAN-11453: Zero Day Initiative Vulnerability (Oracle WebLogic Server)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: August 18, 2020
  - Last Modified Date: December 01, 2020

38063: TCP: Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Vulnerability(ZDI-20-1277)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: September 01, 2020
  - Last Modified Date: December 01, 2020

Removed Filters: None